chore(deps): update actions/checkout action to v4 #54
GitHub Actions / Security audit
failed
Oct 19, 2023 in 0s
Security advisories found
1 advisory(ies), 1 unmaintained, 1 other
Details
Vulnerabilities
RUSTSEC-2023-0065
Tungstenite allows remote attackers to cause a denial of service
| Details | |
|---|---|
| Package | tungstenite |
| Version | 0.17.3 |
| URL | snapview/tungstenite-rs#376 |
| Date | 2023-09-25 |
| Patched versions | >=0.20.1 |
The Tungstenite crate through 0.20.0 for Rust allows remote attackers to cause
a denial of service (minutes of CPU consumption) via an excessive length of an
HTTP header in a client handshake. The length affects both how many times a parse
is attempted (e.g., thousands of times) and the average amount of data for each
parse attempt (e.g., millions of bytes).
Warnings
RUSTSEC-2021-0141
dotenv is Unmaintained
| Details | |
|---|---|
| Status | unmaintained |
| Package | dotenv |
| Version | 0.15.0 |
| URL | dotenv-rs/dotenv#74 |
| Date | 2021-12-24 |
dotenv by description is meant to be used in development or testing only.
Using this in production may or may not be advisable.
Alternatives
The below may or may not be feasible alternative(s):
Loading